Tor calls for help as its supply of bridges falters

Bridges help users in countries like China and Iran access the network.

Just like the US highway infrastructure, Tor needs new bridges. The encrypted anonymizing "darknet" that allows activists, journalists, and others to access the Internet without fear of censorship or monitoring—and which has also become a favored technology of underground groups like child pornographers—is having increasing difficulty serving its users in countries that have blocked access to Tor's entry points. Tor bridges are relays that are kept out of Tor's public directory so that they can act as hidden gateways into the network of relays. After a successful campaign last year to get more volunteers to run obfuscated Tor bridges in support of users in Iran trying to evade state monitoring, the network has lost most of those bridges, according to a message to the Tor relays mailing list by Tor volunteer George Kadianakis.

"Most of those bridges are down, and fresh ones are needed more than ever," Kadianakis wrote in an e-mail, "since obfuscated bridges are the only way for people to access Tor in some areas of the world (like China, Iran, and Syria)." Obfuscated bridges let users reach the Tor network without connecting to one of its publicly listed relays as the first hop, and with traffic that does not look like Tor's.

Obfuscated bridges have become a necessity for Tor users in countries whose networks are guarded by deep packet inspection (DPI) equipment, where censors have deployed filters that spot traffic matching the signature of a Tor connection. Some of these censors also block traffic to the addresses of known Tor bridges outright. To circumvent detection, Tor users run a plugin called a "pluggable transport," which connects to an obfuscated bridge and masks the connection's network signature.

To further evade censors, the addresses of obfuscated bridges are not part of Tor's main directory but are stored in a distributed database called BridgeDB. BridgeDB's interface hands out addresses two at a time per request, to make it hard for an attacker to enumerate the full list, and no single BridgeDB instance keeps a complete list of the available bridges. Additionally, Tor provides "unpublished" bridge addresses to users who request them via e-mail. The Tor Project's support assistants, volunteers who respond to support requests, answer only requests sent from Gmail and Yahoo accounts, both to cope with the flood of requests and to reduce the chance that an attacker can learn a large number of bridge addresses simply by creating many e-mail accounts.
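How a distributor can enforce the "few bridges per requester" property described above, as an added example: this is not BridgeDB's code, only a simplified model of the idea. Keying on the requester's /24 and on a rotation period, the secret, the slice count, and the sample addresses (RFC 5737 test networks) are assumptions of the example, not facts from the article.

```python
"""Bridge distribution that bounds how much one requester can enumerate.

Added example, not BridgeDB's code. A requester is mapped, by the /24 it comes
from plus a rotation period, to one fixed slice of the pool, so repeating the
request returns the same two bridges rather than new ones. Walking the whole
pool then costs an attacker addresses in many distinct networks and many
periods, instead of many requests. Sample addresses are constructed.
"""
import hashlib
import hmac
import ipaddress


def network_key(ip):
    """Treat every address in a /24 as one requester: many IPs in one block are cheap."""
    return str(ipaddress.ip_network(f"{ip}/24", strict=False))


def slice_index(net, period, secret, n_slices):
    """Keyed hash: without the secret an attacker cannot steer which slice it lands in."""
    mac = hmac.new(secret, f"{net}|{period}".encode(), hashlib.sha256).digest()
    return int.from_bytes(mac[:8], "big") % n_slices


def partition(bridges, n_slices):
    """Deterministically split the pool into slices (sorted so the layout is stable)."""
    ordered = sorted(bridges)
    return [ordered[i::n_slices] for i in range(n_slices)]


def bridges_for(ip, period, bridges, secret, per_request=2, n_slices=8):
    """Return the bridges this requester is allowed to see in this period."""
    net = network_key(ip)
    s = partition(bridges, n_slices)[slice_index(net, period, secret, n_slices)]
    if not s:
        return []
    # Which pair inside the slice is also keyed on the requester, so repeats
    # return the same pair instead of cycling through the slice.
    mac = hmac.new(secret, f"{net}|{period}|pick".encode(), hashlib.sha256).digest()
    start = int.from_bytes(mac[8:16], "big") % len(s)
    return [s[(start + k) % len(s)] for k in range(min(per_request, len(s)))]


def demo():
    secret = b"constructed-demo-secret"          # assumption: the distributor's secret
    pool = [f"192.0.2.{i}:443" for i in range(1, 65)]  # 64 constructed bridges
    # 200 requests from one /24 in one period learn the same two bridges every time.
    one_net = {b for i in range(200)
               for b in bridges_for(f"198.51.100.{i % 256}", 7, pool, secret)}
    # Addresses in four different /24s learn at most eight.
    nets = ["198.51.100.1", "203.0.113.1", "198.51.101.1", "198.18.0.1"]
    four_nets = {b for ip in nets for b in bridges_for(ip, 7, pool, secret)}
    # The same network gets a different pair once the period rotates.
    base = bridges_for("198.51.100.1", 7, pool, secret)
    rotates = any(bridges_for("198.51.100.1", p, pool, secret) != base
                  for p in range(8, 20))
    return {"one_net": len(one_net), "four_nets": len(four_nets), "rotates": rotates}


if __name__ == "__main__":
    print(demo())
```

The design choice worth noticing is that rate limiting alone does not help: a censor with a few thousand addresses can issue a few thousand requests. Binding the answer to the requester's network and to time is what turns "two per request" into "two per network per period."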

The problem for Tor is that bridge addresses are discovered by censors over time, and the pluggable transports themselves can eventually be fingerprinted. The most widely used pluggable transport in the Tor network, obfs2, no longer works in China. A newer transport, obfs3, still works there, but it runs only on the latest version of obfsproxy, the obfuscated bridge proxy, which was recently rewritten in Python.
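Why obfs2 can be fingerprinted by a passive DPI box while obfs3 cannot, modelled as an added example that is not Tor's or obfsproxy's code. obfs2's client hello starts with a random seed, and the key that encrypts the rest of the hello is derived from that seed alone, so anyone who sees the bytes can rederive the key and test for the protocol's magic number. obfs3 instead sends a UniformDH public key that is indistinguishable from random bytes; the key depends on a private exponent the observer never sees. The magic value 0x2BF5CA7E and the key-schedule label are from the obfs2 specification; everything else is a toy stand-in (a 128-bit prime instead of obfs3's 1536-bit MODP group, a SHA-256 counter keystream instead of AES-CTR, 1000 hash rounds instead of 100000) and not the real wire format.

```python
"""Toy model of obfs2 (fingerprintable) versus obfs3 (UniformDH, not fingerprintable).

Added example, not Tor or obfsproxy code. Parameters are deliberately toy-sized:
P is a 128-bit prime just below a power of two (obfs3 uses the 1536-bit RFC 3526
group), the keystream is SHA-256 in counter mode (obfs2 uses AES-CTR), and the
key schedule runs 1000 rounds (obfs2 runs 100000).
"""
import hashlib
import secrets

OBFS2_MAGIC = 0x2BF5CA7E   # handshake magic from the obfs2 spec
OBFS2_ROUNDS = 1000        # toy; real obfs2 iterates 100000 times
P = 2**128 - 159           # toy prime (assumption), close enough to 2**128 that
G = 2                      # a random element encodes to near-uniform 16 bytes


def obfs2_key(seed):
    """obfs2-style key schedule: iterated hash of the seed plus a fixed label.
    Every input is public, which is the whole problem."""
    k = seed + b"Initiator obfuscation padding"
    for _ in range(OBFS2_ROUNDS):
        k = hashlib.sha256(k).digest()
    return k


def keystream(key, n):
    """Toy CTR keystream standing in for AES-CTR."""
    out = bytearray()
    ctr = 0
    while len(out) < n:
        out += hashlib.sha256(key + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return bytes(out[:n])


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def obfs2_client_hello(padlen=64):
    """seed || E_key(seed)(magic || padlen || padding)"""
    seed = secrets.token_bytes(16)
    body = (OBFS2_MAGIC.to_bytes(4, "big") + padlen.to_bytes(4, "big")
            + secrets.token_bytes(padlen))
    return seed + xor(body, keystream(obfs2_key(seed), len(body)))


def dpi_is_obfs2(first_bytes):
    """Passive classifier: rederive the key from the visible seed, decrypt the
    first four bytes, and look for the magic. No secret needed."""
    if len(first_bytes) < 24:
        return False
    seed, enc = first_bytes[:16], first_bytes[16:24]
    magic = int.from_bytes(xor(enc[:4], keystream(obfs2_key(seed), 4)), "big")
    return magic == OBFS2_MAGIC


def uniformdh_keypair():
    """UniformDH: even private exponent; send X or P-X with equal probability so
    the encoding is near-uniform over 16 bytes and carries no fingerprint."""
    x = 2 * secrets.randbelow(P // 2)
    pub = pow(G, x, P)
    if secrets.randbits(1):
        pub = P - pub
    return x, pub.to_bytes(16, "big")


def uniformdh_shared(x, peer_public):
    """Both encodings of the peer's key give the same secret because x is even:
    (P - Y)^x == (-1)^x * Y^x == Y^x (mod P)."""
    y = int.from_bytes(peer_public, "big")
    return hashlib.sha256(pow(y, x, P).to_bytes(16, "big")).digest()


def obfs3_client_hello(padlen=64):
    """public key || random padding; nothing here is derivable by an observer."""
    x, pub = uniformdh_keypair()
    return x, pub + secrets.token_bytes(padlen)


def demo():
    a_priv, a_hello = obfs3_client_hello()
    b_priv, b_pub = uniformdh_keypair()
    return {
        "obfs2_detected": dpi_is_obfs2(obfs2_client_hello()),
        "obfs3_detected": dpi_is_obfs2(a_hello),
        "random_detected": dpi_is_obfs2(secrets.token_bytes(96)),
        "obfs3_keys_agree": uniformdh_shared(a_priv, b_pub)
                            == uniformdh_shared(b_priv, a_hello[:16]),
    }


if __name__ == "__main__":
    print(demo())
```

The classifier is cheap enough to run on every new flow, which is why a censor can deploy it at national scale once the scheme is known; the hash iteration count only slows it down, it does not stop it. obfs3 removes the precondition (a key derivable from public data) rather than making the derivation slower, though a censor can still find obfs3 bridges by other means, such as probing suspected hosts or observing that the bytes are "too random" for the port in use.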

"Looking into BridgeDB," Kadianakis wrote in his message to the Tor community, "we have 200 obfs2 bridges, but only 40 obfs3 bridges: this means that we need more people running the new Python obfsproxy! Upgrading obfsproxy should be easy now, since we prepared new instructions and Debian/Ubuntu packages." He added that there is also a particular need for more unpublished bridges.

For those who want to donate bridges to the Tor network, the easiest route is Tor Cloud, an Amazon Web Services Elastic Compute Cloud (EC2) image created by the Tor Project that lets people use Amazon's free usage tier to deploy a bridge.
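For readers who would rather run a bridge on their own machine than on Tor Cloud, here is a torrc for a non-exit obfs3 bridge, as an added example that is not taken from the article or from the Tor Project's instructions. The directive names are real Tor options; the port numbers, bandwidth figures, nickname and contact string are placeholders to change, and the obfsproxy path assumes the Debian/Ubuntu package mentioned above.

```text
## Non-exit obfs3 bridge (added example; edit the placeholders before use)

## A bridge is a server, not a client: no local SOCKS listener.
SocksPort 0

## The plain Tor port. 443 is hard for censors to block wholesale but needs
## root or CAP_NET_BIND_SERVICE to bind on Linux; any reachable port works.
ORPort 443

## Register as a bridge rather than as a public relay.
BridgeRelay 1

## "bridge": the descriptor goes to the bridge authority and the address is
## handed out through BridgeDB. Use "0" instead for an unpublished bridge whose
## address you pass to users yourself (the kind the article says is most needed).
PublishServerDescriptor bridge
#PublishServerDescriptor 0

## Never an exit: no traffic leaves this IP address for the open Internet.
ExitPolicy reject *:*

## Run the Python obfsproxy as a managed pluggable transport. Offer obfs3 at
## minimum; obfs2 is listed for clients that have not upgraded yet.
ServerTransportPlugin obfs2,obfs3 exec /usr/bin/obfsproxy managed
## Pin the obfs3 listener to a known port so you can open it in your firewall
## (placeholder port).
ServerTransportListenAddr obfs3 0.0.0.0:2014
## Newer Tor releases also expect this line for managed transports.
ExtORPort auto

## Cap what the bridge may consume of your uplink (placeholder figures).
RelayBandwidthRate 250 KBytes
RelayBandwidthBurst 500 KBytes

## Placeholders: a nickname and a way to reach you if the bridge misbehaves.
Nickname ExampleBridge
ContactInfo bridge-operator@example.org

Log notice file /var/log/tor/notices.log
```

The two lines a practitioner should read twice are `ExitPolicy reject *:*`, which is what keeps this machine from ever appearing as the source of someone else's traffic, and `PublishServerDescriptor`, which decides whether the address is discoverable through BridgeDB at all. `RelayBandwidthRate` answers the bandwidth question raised further down in the comments: the bridge cannot take more than you give it.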

From my limited understanding it looks like a bridge is a middle relay rather than an exit relay/node and as such does not as easily expose your IP address as the source of the content. It still recommends not running a relay on your home PC. Someone can correct me if I am reading that wrong.

Just once I would like to see an article about TOR that doesn't mention kiddie porn. No one says "The internet, often used by child pornographers", so why do journalists constantly level the same criticism at TOR?

Help me understand: does running one of these obfuscated bridges make my computer into an exit node? As in, would running it make my computer appear to be an exit point for someone pirating or doing CP or other illegal activity?

Just once I would like to see an article about TOR that doesn't mention kiddie porn. No one says "The internet, often used by child pornographers", so why do journalists constantly level the same criticism at TOR?

Fine...

Ars Technica, which is also run on a worldwide network that is also used to relay kitty porn, has a decent article about a problem with Tor, but doesn't really mention if home users can/should set up such a bridge without using Amazon, which also run on a network that has been known to be used to exchange kitten related pornography.

Just once I would like to see an article about TOR that doesn't mention kiddie porn. No one says "The internet, often used by child pornographers", so why do journalists constantly level the same criticism at TOR?

Probably because the internet isn't "your" network whereas if you ran a bridge it would be.

Alright, I am already supporting some exit server via a monthly Flattr donation. I am all for this but I am not willing to assume any kind of legal risk. Any way I can donate to support this without running a node?

Well, one, Tor needs to be easy to set up with easily accessible controls (a Webmin plugin would help). Two, try running on Android cellphones. Nodes aplenty. It also needs to run on as many different architectures as possible. Darn it, my toaster needs to be a node.

This is a pretty poor article. No links to the actual email, no links to running a bridge, and no links or suggestions on how one might run an obfuscated bridge. Why even post an article if you don't offer any useful references?

Help me understand: does running one of these obfuscated bridges make my computer into an exit node? As in, would running it make my computer appear to be an exit point for someone pirating or doing CP or other illegal activity?

No. A relay and an exit node are two different things. Traffic hops through multiple relays before hitting an exit node and continuing on to its final destination. You can be a relay without being an exit node. Only the exit node has any access to the unencrypted traffic, assuming the client was relaying unencrypted traffic to somewhere on the general internet. While TOR does not provide absolute anonymity, and it is possible to figure out who the nodes and client are by acting as an exit node and collecting enough traffic information, a single relay can be expected to have no information about what information is being passed.

One thing this article absolutely needs is at least a mention of the risks a bridge incurs. If I run a bridge, what kinds of block lists is my IP/domain going to get put on? Am I going to get targeted by Chinese/Iranian-sponsored attacks? Is some Anonymous-like collective going to persecute me for supporting child porn?

I don't know much about this myself, which is why I ask. The article presents providing a bridge as an altruistic act supporting a worthwhile cause, but one should enter into it well-educated and aware of what is going on, as the Tor darknet is often a slimy place.

I ran a bridge node for months but had to stop because of blacklist providers who won't differentiate between a Bridge node and an Exit node; dan.me.uk comes to mind.

I locally run a mail server and a Yacy crawler both of which would have their traffic rejected. I discovered my IP blacklisted as a TOR Exit point and changed my IP address. Half a day later my services would be blocked again.

There are legit reasons to block an exit node; I maintain an exit node list myself for spam blocking. But blocking bridge nodes is nothing less than a show of hostility against the TOR network.

I've sent brief messages to TOR devs about the issue w/o reply. I realize they have no power over list compilers. However, it would be in TOR's interest to publicize this problem and educate EdgeSec providers on what blocking lists are effective and which are counterproductive overkill.

Just to join some of the other commentators' requests: Ars, I'd love to see a breakdown of what having a bridge on my home network or an Amazon cloud would mean in a technical and legal sense. I know you're not lawyers, but some sense of liability along with a discussion of how the tech works would be incredibly useful for those of us weighing whether or not to help.

What's with all the @ crap here lately? Not using the quote function means that sooner or later - usually sooner, particularly in busy threads - no one but YOU will have any idea what you are citing or referring to, let alone be able to follow your "conversation." This is not Twitter.

The way I see it is that there is no "I want to help but I don't want to support CP" option. Nor do I particularly want anyone to suck my bridge bandwidth while ddossing a .tor CP site.

You can set the limit of bandwidth to whatever level you want. Even if someone still does use your small amount of kilobytes to DDOS, you will still be supporting those who are censored. It seems silly to me that you would consider hosting TOR but pass over it because you're afraid someone will use you to DDOS. Do you really give that much of a fuck about DDOS's?

From my limited understanding it looks like a bridge is a middle relay rather than an exit relay/node and as such does not as easily expose your IP address as the source of the content. It still recommends not running a relay on your home PC. Someone can correct me if I am reading that wrong.

I did some research and decided that if I was going to do this, I would run the bridge on a clean VM on a different subnet, not part of my inside secure subnet. Might be fun to try.

Well, one, Tor needs to be easy to set up with easily accessible controls (a Webmin plugin would help). Two, try running on Android cellphones. Nodes aplenty. It also needs to run on as many different architectures as possible. Darn it, my toaster needs to be a node.

Imagine the security risks exposed by java also being installed on your toaster.

Just once I would like to see an article about TOR that doesn't mention kiddie porn. No one says "The internet, often used by child pornographers", so why do journalists constantly level the same criticism at TOR?

Really. What the hell does kiddie porn have to do with this article? Not a damn thing.

What's with all the @ crap here lately? Not using the quote function means that sooner or later - usually sooner, particularly in busy threads - no one but YOU will have any idea what you are citing or referring to, let alone be able to follow your "conversation." This is not Twitter.

Ever try typing quote tags in on a phone or tablet? It's a pain in the ass.

The appropriate solution would be for the commenting system to parse @user to create jump links to the most recent comment by the specified user.

Or a spiffy AJAX overlay that lists a brief summary of all of the user's comments in the thread (latest first) with jump links to each one.

Just once I would like to see an article about TOR that doesn't mention kiddie porn. No one says "The internet, often used by child pornographers", so why do journalists constantly level the same criticism at TOR?

Probably because the internet isn't "your" network whereas if you ran a bridge it would be.

Bingo! Just like a VPN wouldn't be considered "the internet", a Tor node isn't either. That's kind of the point of both.

"If you have something that you don’t want anyone to know, maybe you shouldn’t be doing it in the first place..." --Eric Schmidt, Google CEO

/s

"If you have something that you don't want anyone to know, maybe you shouldn't be doing it in the first place, but if you really need that kind of privacy, the reality is that search engines including Google do retain this information for some time, and it's important, for example that we are all subject in the United States to the Patriot Act. It is possible that that information could be made available to the authorities." --Eric Schmidt, Google CEO

What's with all the @ crap here lately? Not using the quote function means that sooner or later - usually sooner, particularly in busy threads - no one but YOU will have any idea what you are citing or referring to, let alone be able to follow your "conversation." This is not Twitter.

Ever try typing quote tags in on a phone or tablet? It's a pain in the ass.

The appropriate solution would be for the commenting system to parse @user to create jump links to the most recent comment by the specified user.

The appropriate solution is to just use the damn quote function, which automatically puts the quote tags in for you.

I ran a bridge node for months but had to stop because of blacklist providers who won't differentiate between a Bridge node and an Exit node; dan.me.uk comes to mind.

I locally run a mail server and a Yacy crawler both of which would have their traffic rejected. I discovered my IP blacklisted as a TOR Exit point and changed my IP address. Half a day later my services would be blocked again.

There are legit reasons to block an exit node; I maintain an exit node list myself for spam blocking. But blocking bridge nodes is nothing less than a show of hostility against the TOR network.

I've sent brief messages to TOR devs about the issue w/o reply. I realize they have no power over list compilers. However, it would be in TOR's interest to publicize this problem and educate EdgeSec providers on what blocking lists are effective and which are counterproductive overkill.

But you fail to say why a show of hostility against the TOR network is a bad thing. This kind of reminds me of the article about the block list which puts networks who are repeat offenders of hosting spammers on a grey list. If TOR is being commonly used by spammers to get around block lists, why is it a bad thing for them to block the entire chain? You aren't exactly a hurt innocent bystander here, since you are choosing to be a node.

Just once I would like to see an article about TOR that doesn't mention kiddie porn. No one says "The internet, often used by child pornographers", so why do journalists constantly level the same criticism at TOR?

Really. What the hell does kiddie porn have to do with this article? Not a damn thing.

RTFA:

Quote:

and which has also become a favored technology of underground groups like child pornographers

I ran a bridge node for months but had to stop because of blacklist providers who won't differentiate between a Bridge node and an Exit node; dan.me.uk comes to mind.

I locally run a mail server and a Yacy crawler both of which would have their traffic rejected. I discovered my IP blacklisted as a TOR Exit point and changed my IP address. Half a day later my services would be blocked again.

There are legit reasons to block an exit node; I maintain an exit node list myself for spam blocking. But blocking bridge nodes is nothing less than a show of hostility against the TOR network.

I've sent brief messages to TOR devs about the issue w/o reply. I realize they have no power over list compilers. However, it would be in TOR's interest to publicize this problem and educate EdgeSec providers on what blocking lists are effective and which are counterproductive overkill.

But you fail to say why a show of hostility against the TOR network is a bad thing. This kind of reminds me of the article about the block list which puts networks who are repeat offenders of hosting spammers on a grey list. If TOR is being commonly used by spammers to get around block lists, why is it a bad thing for them to block the entire chain? You aren't exactly a hurt innocent bystander here, since you are choosing to be a node.

Well, TOR isn't commonly used by spammers, because there are many, many millions of more spam hosts on the open internet than on the darknet. The same argument applies to DDoS attacks. No one is going to use TOR for such activities because the targets of such attacks are on the internet, not the darknet so there's absolutely no reason for them to use TOR. They may be evil, but they're not idiots.

Absolute anonymity means no accountability, which means that you don't need to face the consequences for your actions.

Let's say that I developed the power to telepathically bitch-slap people... just an invisible and untraceable telekinetic force that takes the form of a hand, and smacks you across the face.... usable from, like, 30 yards away. Maybe I start off bitch-slapping people who really deserve it... but since I can't be found out, I might be tempted to bitch-slap people for fun or just because they annoy me (you ate the last custard doughnut? I might have to smack a bitch).

In this case, though, Tor doesn't give you absolute anonymity, it just means that your IP address cannot be traced.... there are still lots of ways to catch you.

From my limited understanding it looks like a bridge is a middle relay rather than an exit relay/node and as such does not as easily expose your IP address as the source of the content. It still recommends not running a relay on your home PC. Someone can correct me if I am reading that wrong.

There are 3 kinds of relays in the TOR network. And you can run the type that suits you best.

"Exit Relays" allow outgoing connections to the public internet. This of course carries some risks, legal and otherwise, although it can be minimized by selecting an appropriate exit policy (i.e., ports 80 and 443 only).

"Non-Exit" relays only forward traffic to other relays, no outgoing connections to the public internet. This still carries a tiny bit of risk: the TOR relay database is public and some (silly) black lists include all TOR relays, even the non-exit ones. So, there's a small risk that you'll find yourself in some black list. I've never had a problem, though!

"Bridges" are (usually non-exit) relays which are not in the main public database. They (can) also support an obfuscated communication protocol which makes it harder for DPI systems to identify traffic between TOR clients and TOR relays. The goal is to circumvent censorship systems which block access to the publicly listed relays (i.e., the Great Firewall of China). The risk for the relay operator is even less than with a non-exit relay.

So... if you can, please donate a bit of bandwidth and run a TOR bridge with the latest obfsproxy.

Sean Gallagher is Ars Technica's IT Editor. A former Navy officer, systems administrator, and network systems integrator with 20 years of IT journalism experience, he lives and works in Baltimore, Maryland.